Hi and welcome to this course on infrastructure security.
My name is Scott Russ, and I'm gonna be your instructor today.
I have over 21 years of experience in the I T and Security Space. I've done a little bit of everything from hands on engineering to consulting to executive management within cybersecurity. So I'm gonna bring a lot of different perspectives to the topic of infrastructure security.
I'm a current CE SSP, which is a certified information systems security professional and a little fun. Fact about me is I have a pug in a mastiff and my pug thinks he's a mastiff in my master thinks he's a pug.
In order to get the most out of this course today, you're gonna have tohave some basic fundamental knowledge of networking and how networks work. Understand what a land and when is and what a villain is and that the conceptual, foundational things behind networking
you're gonna also need some fun, fundamental knowledge of system architecture. So what is a CPU and ram and storage, and how did those things work together to form a full system?
And then you'll need to have some what I call definitional knowledge just some basic definitional knowledge of security technologies you need toe. Just understand what a firewall is, and I ps and ideas in this course we're gonna get into the practical application of those technologies. But it's good to have that basic, fundamental definitional knowledge of what they are before we get started.
The target audience for this course, our systems and network engineers and architects. So those folks who have their there in the weeds, they they're doing system or network things every day, and they want to understand how what they're doing fits into the larger infrastructure security topic.
This course will always also be good for I T managers and security leaders. So those people who drive I t policy and security policy or who drive the conversation within the organization, you're gonna get some high level understanding of all of the different technologies with infrastructure security and how they tie in together to help you paint the bigger picture.
At the end of this course, you'll be able to talk about some of the common vulnerabilities that air that air. Ah, put our infrastructure at risk and how to mitigate those vulnerabilities.
We're gonna talk about the different layers of infrastructure security. So when we talk about infrastructure security, it's important to conceptualize at different layers. We can break it down on each layer and talk about the protections. We can put it place at each layer, and it helps us paint the overall picture.
We're also gonna talk at the end of the course about some security models and will define them a little bit. But we'll talk more about the practical application of those models and how we can take what we learn in this course and apply it to those models to meet whatever requirements those models demand.
Let's define the word infrastructure.
According to Merriam Webster, infrastructure means the underlying foundation or basic framework of a system or organisation.
Now, in terms of a city, you can think about it as all of the roads and utilities and the gas stations and the critical buildings that allow that city to function without roads, nobody just driving anywhere, And without utilities, there's no electricity. It's all of the things that a lot of people take for granted but are completely foundational and critical
to the success of that city,
and I t infrastructure is very much the same. It's all of that underlying hardware and software and networks and all of those things that are required to support information technology services and therefore support the organization and its goals
before we jump into the first module I want to talk about these three last points on the 1st 1 is
infrastructure. Security is a very large and complex undertaking. We're gonna learn about a lot of different things throughout this course.
You don't have to do every one of those things to be successful at infrastructure security. We'll talk at the end of the course about a risk based approach to security, and that will help tie everything together. But investors security itself is very large and complex. You're not gonna do it all at once, so it's important to just understand the concepts,
identify what's the biggest risk to the organization
and then work towards mitigating those risks.
It also is gonna require constant evolution. So it's not something you can set and forget. You're not gonna build your infrastructure security model and walk away from it.
Technology always changes, and people come in and out of the organization all the time. and every time those changes happened, you're gonna need to rethink your model and maybe make tweaks to it. So it's it's a it's a living thing. It's gonna always evolve.
And finally, infrastructure security cannot be accomplished in a vacuum. And what I mean by this is there's no one person or department that's going to be able to deliver comprehensive infrastructure security.
There's one. You can't have one person or organization that drives the conversation, but it's going to require cooperation amongst departments and some really conversations about risk versus reward in order to achieve comprehensive infrastructure security.
Okay, that'll do it for our introduction. Next up, we'll jump right into module one, where we're going to talk about the threat landscape.